CVE-2025-62221

HighCISA KEVActive Exploitation

Published: 09 December 2025

Published

09 December 2025

Modified

10 December 2025

KEV Added

09 December 2025

Patch

—

CVSS Score 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Score 0.0192 83.5th percentile

Risk Priority 37 60% EPSS · 20% KEV · 20% CVSS

Description

Use after free in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match

prevent

Directly mandates timely remediation of identified flaws like this use-after-free vulnerability through patching, as prioritized by CISA KEV and Microsoft guidance.

SI-16 Memory Protection partial match

prevent

Implements memory safeguards such as DEP and ASLR to mitigate use-after-free exploits that enable privilege escalation in the driver.

RA-5 Vulnerability Monitoring and Scanning partial match

detect

Requires vulnerability scanning to identify affected Windows systems running the vulnerable Cloud Files Mini Filter Driver for prompt remediation.

Security SummaryAI

CVE-2025-62221 is a use-after-free vulnerability (CWE-416) in the Windows Cloud Files Mini Filter Driver. This flaw affects Windows systems utilizing the driver, with a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). It was published on 2025-12-09.

A local attacker with low privileges can exploit this vulnerability due to its low attack complexity and lack of required user interaction. Successful exploitation enables privilege escalation, granting high-impact access to confidentiality, integrity, and availability of the system.

Microsoft's update guide at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-62221 provides details on patches and mitigation steps. The vulnerability is also listed in CISA's Known Exploited Vulnerabilities catalog at https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-62221, indicating active exploitation in the wild.

Security practitioners should prioritize patching affected Windows systems, as real-world exploitation has been observed per CISA.

Details

CWE(s): CWE-416
KEV Date Added: 09 December 2025

Affected Products

microsoft

windows 10 1809

≤ 10.0.17763.8146 · ≤ 10.0.17763.8146

microsoft

windows 10 21h2

≤ 10.0.19044.6691

microsoft

windows 10 22h2

≤ 10.0.19045.6691

microsoft

windows 11 23h2

≤ 10.0.22631.6345

microsoft

windows 11 24h2

≤ 10.0.26100.7392

microsoft

windows 11 25h2

≤ 10.0.26200.7392

microsoft

windows server 2019

≤ 10.0.17763.8146

microsoft

windows server 2022

≤ 10.0.20348.4467

microsoft

windows server 2022 23h2

≤ 10.0.25398.2025

microsoft

windows server 2025

≤ 10.0.26100.7392

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation

Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.

attack.mitre.org →

Why these techniques?

Use-after-free vulnerability in Windows Cloud Files Mini Filter Driver enables local privilege escalation from low privileges, directly mapping to Exploitation for Privilege Escalation (T1068).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-62221
Vendor Advisory · secure@microsoft.com
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-62221
US Government Resource · 134c704f-9b21-4f2e-91b3-4a467353bcc0